ANKAREF INNOVATION AND TECHNOLOGY INC. / ANKAREF INOVASYON VE TEKNOLOJİ A.Ş. PRIVACY POLICY

Effective Date: 04.09.2021

Updated: 04.09.2021

ANKAREF Innovation and Technology Inc. and subsidiaries (“we”, “us”, “our”, etc.) are committed to protecting your privacy. This Privacy Policy (“Policy”) describes our practices in connection with information privacy on Personal Data we process through your individual use of the following services, products, and related mobile applications (collectively, the “Products”):

Fonri WiFi Mobile Application

Before you use our Products, please carefully read through this Policy and understand our purposes and practices of processing your Personal Data. In the Policy you will also find information about your rights on your Personal Data and how to execute your rights.

If you have any question regarding this Policy, please do not hesitate to contact us via:

E-Mail : info@ankaref.com

Phpne : 0 (312) 299 21 64

Address : ODTÜ Teknokent İkizler Blok, 1. Kat, No:3, 06800 Çankaya ANKARA

1- DEFINITIONS

In this Policy;

• Personal Data: any information which are related to an identified or identifiable natural person.

• Sensitive Personal Data: Data consisting of racial or ethnic origin, political opinions, religious or other philosophical beliefs, clothing; society, foundation or trade union memberships; health, sex life, criminal convictions, security measures, and biometric and genetic data. Before collecting Sensitive Personal data, a notification will be sent to you to take your consent. No sensitive personal data will be processed without your consent under any conditions.

• Smart Devices: Computing devices produced or manufactured by hardware manufacturers, with human-machine interface and the ability to transmit data that connect wirelessly to a network, including: smart home appliances, smart wearable devices, smart air cleaning devices, etc.

• App: Mobile applications developed by ANKAREF Innovation and Technology Inc. that allow end users to remotely control Smart Devices and with the ability to connect to the supplier’s IoT Platform.

• Law: Turkish Personal Data Protection Law no. 6698 (KVKK)

2- WHAT PERSONAL DATA DO WE PROCESS?

The personal data you provide us and/or we automatically collect due to your interest in our services and products, or your use of our services and products are including but not limited to:

2.1. Information You Voluntarily Provide Us:

• Account or Profile Data: When you register an account with us, we may collect your name and contact details, such as your email address, phone number, user name, and login credentials. During your interaction with our Products, we may further collect your nickname, profile picture, country code, language preference or time zone information into your account.

• Feedback: When using feedback or suggestion features of our Products, we will collect your email address, mobile phone number and your feedback content to address your problems and solve device failures on a timely basis.

2.2. Information We Collect Automatically

• Device Information: When you interact with our Products, we automatically collect device information, such as the MAC address of your devices, IP address, wireless connection information, operating system type and version, application version number, push notification identifier, log files, and mobile network information.

• Usage Data: During your interaction with our Sites and Services, we automatically collect usage data relating to visits, clicks, downloads, messages sent/received, and other usage of our Sites and Services.

• Log Information: When you use our app, the system and exception log may be uploaded. Please note that one cannot identify a specific individual by using Device Information or Log Information alone. However, if these types of non-personal information, combined with other information, may be used to identify a specific individual, such non-personal information will be treated as Personal Data. Unless we have obtained your consent or unless otherwise provided by data protection laws and regulations, we will anonymize and desensitize such non-personal information.

• Location Information: When you enable location-based functions through permission settings on your mobile device, we will collect and process your location information to enable certain functions, such as pairing with your Smart Devices. We may also collect information about your real-time precise or non-precise geo-location when you use our specific Products or Services, such as Weather Services. Based on your consent, when you enable the geo-fence feature on the Products, your location information will be generated and shared with Google Map services. Please note that Google has corresponding data protection measures, which you may refer to Google Data Protection Terms for more details: https://privacy.google.com/businesses/gdprservices/. You may reject such use of your location information by managing the permission settings in the Products, upon which we will cease to collect and use your location information.

2.3. Information Related to Smart Devices:

• Basic Information of Smart Devices: When you connect your Smart Devices with our Products or Services, we may collect basic information about your Smart Devices such as device name, device ID, online status, activation time, firmware version, and upgrade information.

• Information Reported by Smart Devices: Depending on the different Smart Devices you elect to connect with our Products or Services, we may collect different information reported by your Smart Devices. eg. for smoke sensor: smoke detection state, automatic detection results, battery level etc. are reported.

• Sensitive Personal Data: Includes personal communication records and contents, health information and location information. When we collect Sensitive Personal Data, we will generate a notification which will ask for your explicit consent and never process your Sensitive Personal Data without your explicit consent.

3- PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

The purpose for which we may process information about you are as follows:

1. Provide You Services: We process your account and profile data, device information, usage data, location information, and Smart Device related information to provide you with our Products and Services that you have requested or purchased. The legal basis for this processing is to perform our contract with you according to our Terms of Use.

2. Improve Our Services: We process your device information, usage data, location information and Smart Device related information to ensure the functions and safety of our Products, to develop and improve our Products and Services, to analyze the efficiency of our operations, and to prevent and trace fraudulent or inappropriate usage. The legal basis for this processing is to perform our contract with you according to our Terms of Use.

3. Non-marketing Communication: We process your Personal Data to send you important information regarding the Services, changes to our terms, conditions, policies and/or other administrative information. Because this information may be important, you may not opt-out of receiving such communications. The legal basis for this processing is to perform our contract with you according to our Terms of Use.

4. Marketing Communication: We may process your Personal Data to provide marketing and promotional materials to you on our Products and Services. If we do so, each communication we send you will contain instructions permitting you to opt-out of receiving future communications of that nature. The legal basis for this processing is your consent. Additionally, if you consent to participate in our lottery, contest or other promotions, we may use your Personal Data to manage such activities.

5. Personalization: We may process your account and profile data, usage data, device information to personalize product design and to provide you with services tailored for you, such as recommending and displaying information and advertisements regarding products suited to you, and to invite you to participate in surveys relating to your use of our Products. The legal basis for this processing is your consent.

6. Legal Compliance: We may process your Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable laws and regulations; (b) to comply with legal process; (c) to respond to requests from public and government authorities (d) to enforce our terms and conditions; (e) to protect our operations, business and systems; (f) to protect our rights, privacy, safety or property, and/or that of other users, including you; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

If there is any change in the purposes for processing your personal data, we will inform such change to you via email and/or a prominent notice on our website of such changes of purposes, and choices you may have regarding your Personal Data.

4- WHO DO WE SHARE YOUR PERSONAL DATA WITH?

At ANKAREF Innovation and Technology Inc., we only share Personal Data in ways that we tell you about. We may share your Personal Data with the following recipients:

1. To our third-party service providers who perform certain business-related functions for us, such as website hosting, data analysis, payment and credit card processing, infrastructure provision, IT services, customer support service, e-mail delivery services, and other similar services to enable them to provide services to us.

2. To our customers and other business partners who provide you, directly or indirectly, with your Smart Devices, and/or networks and systems through which you access and use our Sites and Services.

3. To an affiliate or other third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings). In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, incompatible new uses of your Personal Data, and choices you may have regarding your Personal Data.

4. As we believe to be necessary or appropriate: (a) to comply with applicable laws and regulations; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to protect our rights, privacy, safety or property, and/or that of other users, including you. For these purposes, we can share your Personal Data with institutions and organizations permitted by the Turkish Commercial Law and other legislation terms, and public legal persons such as BTK Information and Communication Technologies Authority of Turkey, KVKK Personal Data Protection Authority of Turkey.

5. Except for the third parties described above, to third parties only with your consent.

5- INTERNATIONAL TRANSFER OF INFORMATION COLLECTED

The Personal Data we collect from our App can be shared with international organizations and/or our international business partners, from whom we get data storage services or contractual services to facilitate our operations; for purposes stated in this Privacy Policy. This is done in compliance with the Law’s terms on international transfer of Personal Data. If you would like further detail on the safeguards we have in place, you can contact us directly as described in this Privacy Policy.

6- YOUR RIGHTS RELATING TO YOUR PERSONAL DATA

We respect your rights and control over your Personal Data. According to Article 11 of the Personal Data Protection Law of Turkey (KVKK), each person has the right to request to the data controller about him/her;

a) to learn whether his/her personal data are processed or not,

b) to demand for information as to if his/her personal data have been processed,

c) to learn the purpose of the processing of his/her personal data and whether these personal

data are used in compliance with the purpose,

d) to know the third parties to whom his personal data are transferred in country or abroad,

e) to request the rectification of the incomplete or inaccurate data, if any,

f) to request the erasure or destruction of his/her personal data under the conditions referred to in Article 7,

g) to request reporting of the operations carried out pursuant to sub-paragraphs (c) and (d) to third parties to whom his/her personal data have been transferred,

h) to object to the occurrence of a result against the person himself/herself by analyzing the data processed solely through automated systems,

i) to claim compensation for the damage arising from the unlawful processing of his/her personal data.

7- HOW TO EXERCISE YOUR RIGHTS

You can control your preferences about your Personal Data as follows:

• Using “Profile → Settings → Personal Information” or “Profile → FAQ and Feedback” pathways,

• Sending us an e-mail at info@ankaref.com

According to the Communiqué on the Principles and Procedures in Conforming with the Obligation to Inform (Veri Sorumlusuna Başvuru Usul ve Esasları Hakkında Tebliği), the application should contain the name, surname, signature (if the application is in print), Turkish I.D. No (Passport No. of the applicant is a foreigner), address of residence, e-mail address, phone number, fax number of the applicant and information regarding the subject of the appeal.

The applicant should explicitly state which rights he/she is willing to exercise. The documents regarding the application should be added to the application.

The application should not necessarily be about the applicant himself/herself. However, if the applicant is acting in place of someone else, he/she should be mandated to do so and provide the related legal mandate documents. In addition, the ID and address information of the mandated person should be added to the application. Applications done by third parties without a legal mandate will not be considered.

Your application to exercise your rights on your Personal Data will be evaluated and answered within 30 days of receipt. However, if this process requires additional expenses, we will be asking for the necessary compensations stated by the Personal Data Protection Law (KVKK).

Withdrawal of consent: You can exercise your right to withdraw your consent in the following ways:

1) For privacy permissions acquired through device system settings, your consent can be withdrawn by changing device permissions, including location, camera, photo album (picture library/video library), microphone, Bluetooth settings, notifications and other related functions.

2) Regarding marketing communications that you previously agreed to receive, you can withdraw your consent by using the “Unsubscribe” button inside the communications or contacting us via e-mail.

3) If you unbind the Smart Device through the app, the information related to the Smart Device will not be collected.

When you withdraw your consent or authorization, we may not be able to continue to provide you with the products or services correspondingly. However, your withdrawal of your consent or authorization will not affect the processing/storage of personal information collected based on your consent before the withdrawal. Your Personal Data collected prior to your withdrawal of consent will be stored for the duration stated in the “By-Law on Erasure, Destruction or Anonymization of Personal Data” (Kişisel Verilerin Silinmesi, Yok Edilmesi veya Anonim Hale Getirilmesi Hakkında Yönetmelik) published in the Official Gazette of the Republic of Turkey on October 8, 2017, and later disposed of with an appropriate method.

To delete your account: “Profile → Setting → User Information and Security → Delete Account” steps need to be followed. With the deletion of you account, the following data will be deleted:

1) Fonri WiFi account information

2) Cell phone information

3) Smart device data

4) Photos / videos

5) Feedbacks

6) Sensor information

7) User Scenarios

8- SECURITY

We use technical and administrative safeguards to store your Personal Data safely, provide the necessary level of security and prevent your data from being illegally processed. ANKAREF Innovation and Technology Inc. provides various security strategies to effectively ensure data security of user and device. As for device access, ANKAREF Innovation and Technology Inc. proprietary algorithms are employed to ensure data isolation, access authentication, applying for authorization. As for data communication, communication using security algorithms and transmission encryption protocols and commercial level information encryption transmission based on dynamic keys are supported. As for data processing, strict data filtering and validation and complete data audit are applied. As for data storage, all confidential information of users will be safely encrypted for storage. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), you could immediately notify us of the problem by emailing info@ankaref.com.

9- DATA RETENTION

According to the purposes stated in this Privacy Policy, if there is no legal regulation which requires us to store your Personal Data for a longer period of time, your Personal Data will be stored for the durations stated in the ANKAREF Storage and Disposal Policy. We determine the storage duration of your Personal Data according to their amount, nature and sensitivity. After the storage period is over, your data is disposed of in an appropriate manner. When we are unable to do so for technical reasons, we will ensure that appropriate measures are put in place to prevent any further such use of your Personal Data.

10- CHILDREN’S PRIVACY

Protecting the privacy of young children is especially important to us. Our Services are not directed to individuals under the age of eighteen (18), and we request that these individuals do not provide any Personal Data to us. We do not knowingly collect Personal Data from anyone under the age of eighteen (18) unless we first obtain permission from that child’s parent or legal guardian. If we become aware that we have collected Personal Data from anyone under the age of eighteen (18) without permission from that child’s parent or legal guardian, we will take steps to remove that information.

11- CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes we will notify you by email (send to the e-mail address specified in your account) or by means of a notice in the mobile applications prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Us

If you have any questions about our practices or this Privacy Policy, please contact us as follows:

ANKAREF INOVASYON VE TEKNOLOJİ A.Ş.

Postal Mailing Address: ODTÜ Teknokent İkizler Blok, 1.Kat, No:3, 06800 Çankaya ANKARA

Email: info@ankaref.com